Tennis Australia's pre-emptive cyber strike

Lia Timson - Jan 17, 2012

Tennis Australia's CIO Samir Mahir at the AO Club on opening day of the 2012 Australian Open tournament. Photo: Lia Timson

When millions of tennis fans queried the australianopen.com website to find out what it would take Alexander Kudryavtsev to beat Roger Federer in last night's evening match at the Australian Open, they probably did not realise somewhere below the Rod Laver Arena in Melbourne, an army of IT professionals was monitoring their every move.

With cyber attacks on the rise, IBM - the official technology partner of the Australian Open and the other three major tournaments in the Grand Slam - keeps a close eye on traffic volume to the event's web and mobile sites. Any sign of unusual or overly large volumes of traffic, and red flags go up, albeit figuratively.

The company uses technology from its US$1.3 billion acquisition of Internet Security Services (ISS) in 2006 to monitor incoming web requests to prevent denial-of-service (DOS) attacks that can cripple a web service. Traffic hotspots are shown on a global map in real time.

DOS can happen unwittingly – as when a large volume of genuine traffic from thousands of concerned residents hits an unprepared target all at once, as happened with the Brisbane City Council website during last year's devastating floods – or by design. The latter is used by hackers to interrupt online services for money, as a decoy for a larger cyber attack, or as an act of hacktivism.

Distributed DOS - when the attack originates from multiple sources - is among the fastest-growing cyber threats, with security experts warning 2012 will see more take shape as hacktivists and budding criminals make use of freely available tools.

The attacks are triggered by millions of computers – or bots – when commandeered by a bot master. Consumer and enterprise PCs infected with viruses such as Zeus and its variants are one of the weapons used by hackers to commandeer machines.

Nick Race, ANZ country manager of Arbor Networks, a company that provides security to web hosts against DDOS, says the attack type is on the rise because tools to distribute the code required to turn single computers into bots are readily available on the internet, complete with instructions. Security researcher and journalist Brian Krebs has reported the underground going rate to hire a botnet to take a website offline is as little as US$50 per day.

A recent Arbor Networks report revealed more than 50 per cent of data centres worldwide experience more than 10 DDOS attacks per month.

Less frequent are the DOS attacks performed by willing volunteers, such as the campaign led by Anonymous against Visa, PayPal and Mastercard in 2010 in retaliation for their blocking of donations to whistleblower site WikiLeaks.

"When you deal with web hosting you have to plan for DOS attacks. We have planned with IBM from the beginning, from the get go on this project, to make sure the infrastructure is secure and any issues or otherwise are definitely [included] in the risk mitigation," says Samir, chief information officer of the Australian Open, a veteran of major IT events and a former IBM employee.

While some solutions block incoming IP traffic at the firewall to prevent multiple requests, Munro Mauro Mazorati, working in IT Architecture, IBM, says the answer in the Grand Slam's case is to analyse and shape the incoming traffic and not make bulk decisions that could, for example, block all traffic from a certain country or region leaving genuine fans without access to information.

"Essentially if [the traffic] is out of the profile, the system will not satisfy the request," Munro says.

So while an attack from a specific IP address may not go through, a genuine query from the same address would, he says.

"We do traffic shaping in real-time before the transaction is allowed in the data centre."

Cloud computing

Security monitoring is only part of the job of up to 40 US-based IBM IT staff who travel around the world with the Grand Slam technology outfit every year. They also bring servers and an arsenal of laptops to render match graphics and results to send out to the website, web applications like Slamtracker, on-court scoreboards, broadcasters and 800 media personnel at the venue.

However, the event today requires about a third of the server hardware it once used because it now employs virtualisation and cloud computing housed in three separate US data centre locations to process live match data.

IBM has held the IT contract for the tennis event in Australia for 19 years and in the US for 25. The same team also serves the French Open, Wimbledon, the US Open golf tournament in Augusta and the Tony Awards.

Cloud computing is being used by the Australian Open for the first time to provision additional servers on demand in order to create maximum redundancy and mitigate disasters. New servers can now be deployed in less than three minutes and be ready to run with migrated applications in less than five minutes, according to Patrick Childress, IBM's real-time events project manager.

"We need the architecture to handle loads properly. The reason we are using cloud computing and the three farms is to spread the load," says Samir Mahir, CIO, Tennis Australia.

IBM's private cloud is located on server farms in three different US locations, understood to have been chosen because they depend on separate major telecommunications links.

Each server cluster is capable of fulfilling 50 per cent of the maximum forecast demand for australianopen.com, which experiences a major spike in traffic only once a year during the two-week January event, according to Mazorati.

The site received 35.7 million page visits from more than 10 million unique visitors in 2011.

"The (clusters) are sized for a 50 per cent buffer. As long as the spike is within that big error rate, it's planned for," Mazorati says.

"Beyond that we do content shedding and other things to make the page less heavy [to serve]. It's good planning to [anticipate] what the page can do without," he says.

Predictive Analysis

In addition to providing web hosting and security for the tennis tournament, Big Blue has also crunched 10 years' worth of Grand Slam match results, individual player performance indicators and other data to predict players' likelihood to score points, deliver rallies or have an aggressive streak. The predictive analytics application was tailored using the company's Cognos product as a base.

The resulting data is served through the "key to the match" tab in the Slamtracker widget, which, although it provides rich information for live matches, sadly hangs often and cannot be bookmarked.

Apps and less

IBM also provides spectator apps for iOS and Android devices, but this year discontinued an augmented reality app launched in 2010. It now uses Google Maps inside the mobile apps to help people find courts and venues.

"We found there wasn't enough demand yet. People were not quite ready for it," says Sarah Cole, IBM sponsorship manager.

Separate applications run on handheld devices used by umpires, serve-speed camera operators and court statisticians to record and feed live match data into the overall analytics database.

Lia Timson attended the behind-the-scenes technology tour of the Australian Open as a guest of IBM and Tennis Australia.